New RAMBO Attack Uses RAM Radio Signals to Steal Data from Air-Gapped Networks

A novel side-channel attack has been found to leverage radio signals emanated by a device's random access memory RAM as a data exfiltration mechanism, posing a threat to air-gapped networks. The technique has been codenamed RAMBO short for "Radiation of Air-gapped Memory Bus for Offense" by Dr...

NewStart CGSL CORE 5.05 / MAIN 5.05 : openssh Vulnerability (NS-SA-2024-1002)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has openssh packages installed that are affected by a vulnerability: - openssh: A security regression CVE-2006-5051 was discovered in OpenSSH's server sshd. There is a race condition which can lead sshd to handle some signals i...

OESA-2024-1789 glib2 security update

GLib is a bundle of three formerly five low-level system libraries written in C and developed mainly by GNOME. GLib's code was separated from GTK, so it can be used by software other than GNOME and has been developed in parallel ever since. Security Fixes: An issue was discovered in GNOME GLib...

OESA-2024-1790 glib2 security update

GLib is a bundle of three formerly five low-level system libraries written in C and developed mainly by GNOME. GLib's code was separated from GTK, so it can be used by software other than GNOME and has been developed in parallel ever since. Security Fixes: An issue was discovered in GNOME GLib...

OESA-2024-1787 glib2 security update

GLib is a bundle of three formerly five low-level system libraries written in C and developed mainly by GNOME. GLib's code was separated from GTK, so it can be used by software other than GNOME and has been developed in parallel ever since. Security Fixes: An issue was discovered in GNOME GLib...

OESA-2024-1788 glib2 security update

GLib is a bundle of three formerly five low-level system libraries written in C and developed mainly by GNOME. GLib's code was separated from GTK, so it can be used by software other than GNOME and has been developed in parallel ever since. Security Fixes: An issue was discovered in GNOME GLib...

CVE-2024-6387

A security regression CVE-2006-5051 was discovered in OpenSSH's server sshd. There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period...

CVE-2024-6387

A security regression CVE-2006-5051 was discovered in OpenSSH's server sshd. There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period. Mitigation The...

Malicious code in signals-logger (npm)

--- -= Per source details. Do not edit below this line.=-...

MAL-2024-3017 Malicious code in signals-logger (npm)

--- -= Per source details. Do not edit below this line.=-...

SUSE CVE-2024-38614

In the Linux kernel, the following vulnerability has been resolved: openrisc: traps: Don't send signals to kernel mode threads OpenRISC exception handling sends signals to user processes on floating point exceptions and trap instructions for debugging among others. There is a bug where the trap...

GLib: Privilege Escalation

Background GLib is a library providing a number of GNOME's core objects and functions. Description A vulnerability has been discovered in GLib. Please review the CVE identifier referenced below for details. Impact When a GDBus-based client subscribes to signals from a trusted system service such ...

CVE-2024-38614

In the Linux kernel, the following vulnerability has been resolved: openrisc: traps: Don't send signals to kernel mode threads OpenRISC exception handling sends signals to user processes on floating point exceptions and trap instructions for debugging among others. There is a bug where the trap...

DEBIAN-CVE-2024-38614

In the Linux kernel, the following vulnerability has been resolved: openrisc: traps: Don't send signals to kernel mode threads OpenRISC exception handling sends signals to user processes on floating point exceptions and trap instructions for debugging among others. There is a bug where the trap...

CVE-2024-38614

CVE-2024-38614 affects the Linux kernel OpenRISC traps handling. The issue: trap handling could send signals to kernel-mode threads (not user processes), which should not occur; it may be treated as an error when it happens. The patch adds explicit checks to terminate/die when these exceptions ar...

CVE-2024-38614 openrisc: traps: Don't send signals to kernel mode threads

In the Linux kernel, the following vulnerability has been resolved: openrisc: traps: Don't send signals to kernel mode threads OpenRISC exception handling sends signals to user processes on floating point exceptions and trap instructions for debugging among others. There is a bug where the trap...

CVE-2024-38614 openrisc: traps: Don't send signals to kernel mode threads

In the Linux kernel, the following vulnerability has been resolved: openrisc: traps: Don't send signals to kernel mode threads OpenRISC exception handling sends signals to user processes on floating point exceptions and trap instructions for debugging among others. There is a bug where the trap...

[SECURITY] Fedora 40 Update: qt5-qtserialport-5.15.14-1.fc40

Qt Serial Port provides the basic functionality, which includes configuring, I/O operations, getting and setting the control signals of the RS-232 pinouts...

Microsoft is named a leader in the Forrester Wave for XDR

“Defenders think in lists, attackers think in graphs.”1 This remains a reality for the many organizations that operate across siloed security tools, fueling the demand on security operations SOC teams, as advanced cyberattacks continue to increase in frequency and speed. That’s where extended...

RHEL 8 : glib2 (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - glib2: Signal subscription vulnerabilities CVE-2024-34397 Note that Nessus has not tested for this issue but has...